Some malware may attack anti-virus systems by preventing an anti-virus agent on a client device from connecting with an anti-virus server. By doing so, such malware may reduce the effectiveness of the anti-virus system by preventing the anti-virus agent from receiving malware signature updates, by preventing the anti-virus server from providing remedies for malware problems on the client, and/or by preventing any other type of communication between the anti-virus server and the client. Traditional anti-virus solutions may have difficulty detecting malware that blocks connections between a client and an anti-virus server because such solutions may be unable to distinguish a situation where malware blocks a connection from a situation where the client or the anti-virus server is legitimately off-line or otherwise lacks network connectivity. What is needed, therefore, is a more effective mechanism for determining whether a connection between a client and a server is being blocked.